Some of the posts by bloggers and commenters breach laws such as defamation, privacy, breach of confidence, harrassment and copyright. In most cases, the relevant ISPs have access to identifying information that can blow their cover. If someone wants to sue the anonymous poster, when do the ISPs have to give them up?

This was one of the questions tackled by US Professor Brian Murchison in a paper he presented recently in Sydney and Melbourne. I was brought in to comment on the paper, and used the opportunity to check out the equivalent laws in NZ, Australia and the UK.

The upshot is that it’s relatively hard to force ISPs to turn over their users in the US. In large part, this is because anonymous speech is constitutionally protected. There’s a recognition that if people can’t speak anonymously, fewer will speak at all, and the rest of us will be the poorer for it. To get a court order for the disclosure of the blogger’s identity, plaintiffs in the US have to spell out a technically valid legal claim, and provide evidential support for it. In other words, they have to make out a prima facie case. (It seems this standard is also applied in Canada). In many US states, they also have to show that the harm done to free speech values isn’t disproportionate in the circumstances.

What’s more, it seems clear that the parties have to make some attempt to let the anonymous blogger know that the application has been made so that, some way or other, he or she can put some arguments before the court.

That’s North America. But the law in NZ, Australia and the UK is different. In those places, it seems to be much easier for plaintiffs to get access to the identities of anonymous bloggers and posters. And there’s no requirement that anyone try to contact the bloggers to let them know what’s going on.

The standard in NZ seems to require merely that the plaintiff needs the identity in order to be able to formulate a claim. This is contained in the rules concerning pre-commencement discovery. The courts have specifically said that the plaintiff doesn’t have to show that there’s any likelihood that the claim will succeed (though it must be more than “speculative”). That means plaintiffs also need to show that they can’t get the information elsewhere, and that the ISP probably has it. They’ll also have to meet the ISP’s expenses.

Ultimately, this is a discretion, and there is a hint in the case law that if material is confidential, the courts will take this into account. There’s room for free speech arguments to be made here, but it’s not clear how the courts will treat them. The wording of the rule, and the existing case law, indicate that the threshold is a low one.

Same in Australia. There, the courts have held that you need to show an arguable case, though not a prima facie one. The test is a bit circular: is your claim sufficient to make it proper in the interests of justice that preliminary discovery be ordered? When will it be in the interests of justice to order the disclosure? When the plaintiff won’t have an “effective remedy” without it. It can be argued that there’s no need to order the disclosure of a blogger’s identity when there’s someone else to sue (the ISP, perhaps, or the person who operates the website). But that argument won’t work if the ISP or website operator has a defence that wouldn’t be available to the blogger. If that’s the case, the plaintiff can fairly say that the blogger/poster should be answering the case themselves.

I’m told that such applications are not uncommon in Australia, though they don’t get reported. They tend to succeed.

There is some reported case law in the UK, and it follows similar lines. The 1974 Norwich Pharmacal case is the leading precedent. Though it wasn’t about the internet, later ISP cases have drawn on it. Like Australia, there’s an arguable case threshold, not a prima facie one. The courts will take into account the apparent strength of the case, along with things like the gravity of the allegations, the extent of the alleged harm, and whether there’s a confidentiality policy. But the orders do not seem to be difficult to get.

What’s striking about the UK cases is the dearth of discussion of freedom of expression issues. Note that free speech and privacy interests rather line up together: privacy gives people the space they need to exercise their freedom of speech. The US takes speech issues more seriously, and has ended up with a test that’s more protective of online anonymity.

I simply make that observation. I’m not sure I support the US position. Plenty of online speech is so nasty and harmful that speakers shouldn’t be able to shelter behind their anonymity, I think. And the US rather tends to underprotect interests of privacy and confidentiality, which don’t feature explicitly in the US Bill of Rights. But we really ought to think through all the arguments before deciding where to set the threshold, and the US does that better than us. And we already have remedies that aren’t available in the US – an ISP put on notice that it’s hosting defamatory material (and presumably, material that breaches privacy or confidentiality) is very probably liable for it in NZ, Australia and the UK, unless it promptly organises its removal. Most US courts have interpreted US safe harbour laws into give ISPs immunity for material even when they know it’s defamatory.

Some would argue that the best remedy in these situations is “more speech”. Go online, and answer back. That’s part of the culture of the net.

Professor Murchison made me realise that this answer isn’t as good as it sounds. For one thing, there are some smears that you can’t really answer back. What are you going to do – go online and say “I’m not incompetent and paranoid” or “I’m not a slut and a skank”? And if you do want to answer back, you may find yourself liable for defamation, infringement of privacy or breach of confidence yourself if you’re not careful with what you say.